CVE-2025-2495 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScri…
Medium CVSS: 5.3

CVE-2025-2495

Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the ‘/softdial/scheduler/load.php’ resource and can redirect the victim to malicious sites or steal their login information to spoof their identity.
Vendor
Sytel
Product
Softdial Contact Center
CWE
CWE-79
Yayın Tarihi
2025-03-18 12:15:16
Güncelleme
2025-10-21 14:48:25
Source Identifier
cve-coordination@incibe.es
KEV Date Added
-

Kategoriler

CWE-79 Softdial Contact Center MEDIUM Sytel 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center